Bruno Wolff III said:
> On Mon, May 17, 2004 at 18:00:48 -0400,
> Andrew Dunstan <[EMAIL PROTECTED]> wrote:
>>
>> But what we listen to relates to the destination address of the
>> packets, not the source address ...
>
> There still is some small risk. If your OS doesn't reject packets
> destined
On Mon, May 17, 2004 at 18:00:48 -0400,
Andrew Dunstan <[EMAIL PROTECTED]> wrote:
>
> But what we listen to relates to the destination address of the packets,
> not the source address ...
There still is some small risk. If your OS doesn't reject packets destined
for 127.*.*.* that don't come fr
Doug McNaught <[EMAIL PROTECTED]> writes:
> Greg Stark <[EMAIL PROTECTED]> writes:
>
> > Marko Karppinen <[EMAIL PROTECTED]> writes:
> >
> >> On 17. touko 2004, at 10:40, Tatsuo Ishii wrote:
> >> > Consider a program using JDBC on localhost. It can only reach
> >> > PostgreSQL via TCP/IP.
> >
Greg Stark wrote:
Ah! Of course. That makes sense, and listening on 127.0.0.1 never
hurt anyone (except, of course, the tinfoil hat crowd nmapping
localhost in a frenzy...)
Actually on many systems it was very possible to send packets to a machine
with a source address of 127.0.0.1 even ove
Greg Stark <[EMAIL PROTECTED]> writes:
> Doug McNaught <[EMAIL PROTECTED]> writes:
>
>> Java doesn't support Unix domain sockets. If you want to use JDBC,
>> you have to use TCP sockets.
>
> That doesn't follow. That just means you can't implement a unix domain socket
> driver using only Java. Is
Greg Stark <[EMAIL PROTECTED]> writes:
> Marko Karppinen <[EMAIL PROTECTED]> writes:
>
>> On 17. touko 2004, at 10:40, Tatsuo Ishii wrote:
>> > Consider a program using JDBC on localhost. It can only reach
>> > PostgreSQL via TCP/IP.
>
> Huh? Why on earth would that be true? Is this a limitatio
Marko Karppinen <[EMAIL PROTECTED]> writes:
> On 17. touko 2004, at 10:40, Tatsuo Ishii wrote:
> > Consider a program using JDBC on localhost. It can only reach
> > PostgreSQL via TCP/IP.
Huh? Why on earth would that be true? Is this a limitation of our JDBC
drivers?
> Ah! Of course. That mak
Marko Karppinen said:
>> Tatsuo Ishii wrote:
>>> Is there any security risk if we enable tcpip_socket by default? We
>>> restrict connection from localhost only by default so I think
>>> enabling tcpip_socket adds no security risk. Please correct me if I
>>> am wrong.
>
> Bruce Momjian wrote:
>> Ri
Marko Karppinen wrote:
> If the default will be to listen on all interfaces, not just
> 127.0.0.1, then this IS a security risk. And if that's not the plan,
> what good does this change do? Any "real" use of tcp would still
> require a configuration change anyway.
Some interfaces, most notably
Tatsuo Ishii wrote:
Is there any security risk if we enable tcpip_socket by default? We
restrict connection from localhost only by default so I think enabling
tcpip_socket adds no security risk. Please correct me if I am wrong.
Bruce Momjian wrote:
Right, and 7.5 will ship with tcp and localhost en
On 17. touko 2004, at 10:40, Tatsuo Ishii wrote:
Consider a program using JDBC on localhost. It can only reach
PostgreSQL via TCP/IP.
Ah! Of course. That makes sense, and listening on 127.0.0.1 never
hurt anyone (except, of course, the tinfoil hat crowd nmapping
localhost in a frenzy...)
mk
On Mon, 17 May 2004 05:29 pm, Marko Karppinen wrote:
> If the default will be to listen on all interfaces, not just 127.0.0.1,
> then this IS a security risk. And if that's not the plan, what good does
> this change do? Any "real" use of tcp would still require a
> configuration change anyway.
> > Tatsuo Ishii wrote:
> >> Is there any security risk if we enable tcpip_socket by default? We
> >> restrict connection from localhost only by default so I think enabling
> >> tcpip_socket adds no security risk. Please correct me if I am wrong.
>
> Bruce Momjian wrote:
> > Right, and 7.5 will sh
> Tatsuo Ishii wrote:
> > Is there any security risk if we enable tcpip_socket by default? We
> > restrict connection from localhost only by default so I think enabling
> > tcpip_socket adds no security risk. Please correct me if I am wrong.
>
> Right, and 7.5 will ship with tcp and localhost enab
Tatsuo Ishii wrote:
> Is there any security risk if we enable tcpip_socket by default? We
> restrict connection from localhost only by default so I think enabling
> tcpip_socket adds no security risk. Please correct me if I am wrong.
Right, and 7.5 will ship with tcp and localhost enabled.
--
Is there any security risk if we enable tcpip_socket by default? We
restrict connection from localhost only by default so I think enabling
tcpip_socket adds no security risk. Please correct me if I am wrong.
--
Tatsuo Ishii